GPEA is a giant step toward hassle-free government

Dec 14, 1998

The passage of the Government Paperwork Elimination Act means that major changes are in the wind for federal information technology.

Despite a lack of fanfare, this legislation promises to be as significant as the Brooks Act of 1965, the Paperwork Reduction Act of 1980 and its 1995 amendments, or the Information Technology Management and Reform Act of 1996.

From the point of view of citizens, GPEA is far more significant; it is a milestone toward what the National Partnership for Reinventing Government calls hassle-free government. Previous acts changed how government conducted its internal business, but GPEA will transform how federal agencies deal with the public.

Taking advantage of this falls rush to recess and re-election, a number of forwarding-thinking members of Congress set an aggressive IT agenda for agencies. Based on electronic commerce legislation originally proposed by Rep. Anna Eshoo (D-Calif.), the GPEA was sponsored by Sen. Spencer Abraham (R-Mich.) and incorporated into S 442, the Internet Tax Freedom Act. The House added S 442 as an amendment to HR 4328, its omnibus appropriations bill, and passed it on Oct. 20. HR 4328 was signed soon after by President Clinton, making GPEA the law of the land.

GPEA sets ambitious deadlines for online application submissions for federal programs and benefits. It further requires the federal government to set standards for and then use electronic signatures for forms submitted online.

The act contains privacy provisions designed to protect the personal information of people using electronic signatures.

It requires the Office of Management and Budget, in consultation with the National Telecommunications and Information Administration, the private sector and state governments, to set procedures within 18 months for use and acceptance of electronic signatures by federal agencies. The act also gives OMB the same amount of time to develop procedures to permit private employers to store, and to file electronically with federal agencies, forms pertaining to their employees.

Federal agencies will in five years be required to accept those electronic submissions except when they are impractical or inappropriate.

If recent history is any indication, these deadlines will be difficult to meet.

Although GPEA and its congressional authors made a point of using technologically neutral language, public-key and private-key encryption is seen as the likely route to secure documents and signatures.

For the past two decades, the National Institute of Standards and Technology, sister agency to NTIA, has had the governmentwide lead on security standards.

However, the nearby National Security Agency has outspent NIST to the point that the Defense agency has dominated federal digital signature standards. Commercial and international enterprises have objected to DODs insistence on weak algorithms and back-door keys to permit law enforcement agencies to unlock encrypted messages.

The designation of strong encryption as nonexportable munitions, plus two decades of bureaucratic bickering, have stifled electronic commerce and hobbled federal-sector use of the technology. OMB is therefore unlikely to accomplish in 18 months what NIST has not been able to do in 18 years.

NTIA, also part of the Department of Commerce, assigns radio spectrum and handles other telecommunications concerns. NTIA would seem a strange choice for this new task, as it has had little visible activity in digital signature technology. Although NTIA is in Colorado, far from NSAs Fort Meade, Md., headquarters and the Pentagon, its naive to think the geographical distance will prevent DOD from applying its considerable resources to shape NTIAs recommendations.

On the other hand, Denver is experiencing a major boom in high technology, so perhaps GPEA advocates expect NTIA to favor commercial interests over those of Defense. This may be true initially, but given the clout of DOD relative to Commerce, Defense will prevail unless Congress intervenes.

So OMB has lots of regulations to write, and agencies will have to comply with themall against a backdrop of uncertainty over how to handle electronic records in the first place.

This just begins to describe the implications of GPEA. The privacy implications rival those of the Privacy Act of 1974. More on this to come.

Walter R. Houser, who has more than two decades of experience in federal information management, is webmaster for a Cabinet agency. His own Web home page is at http://www.cpcug.org/user/houser.